Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the "(no argument given)" string is appended to the buffer.

-
Unaffected program versions

University of Cambridge Exim 4.21

-
Vulnerability discussion

A heap corruption vulnerability has been discovered in Exim. The problem occurs due to insufficient bounds checking when handling user-supplied SMTP EHLO/HELO data. As a result, it may be possible to overrun the bounds of a heap memory buffer. Although it is believed to be unlikely, this could theoretically be exploited to execute arbitrary code with the privileges of Exim. It may also be possible to trigger a denial of service condition.
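The trimming failure described in the summary and in this discussion can be modeled in a few lines of C. This is an added illustration, not Exim's source code: the buffer size, the function names and the assumption that the caller has already matched the 4-byte HELO/EHLO verb are all hypothetical.

```c
/* Simplified model of the flaw described above; NOT Exim's source code. */
#include <stddef.h>
#include <string.h>

#define CMD_BUF_SIZE 64   /* assumed buffer size, chosen for the demo */
static const char PLACEHOLDER[] = "(no argument given)";

/* Length-based trailing trim: removes spaces/CR/LF, but stops at a NUL byte. */
static size_t trim_tail(const char *buf, size_t len) {
    while (len > 0 && (buf[len - 1] == ' ' || buf[len - 1] == '\r' ||
                       buf[len - 1] == '\n'))
        len--;
    return len;
}

/* Offset of the argument: skip the 4-byte verb, then leading spaces. */
static size_t arg_offset(const char *buf, size_t len) {
    size_t off = 4;
    while (off < len && buf[off] == ' ')
        off++;
    return off;
}

/* Returns 1 if an unchecked copy of PLACEHOLDER at the argument position
   would write past CMD_BUF_SIZE, 0 otherwise. Performs no write. */
int unchecked_append_overflows(const char *buf, size_t len) {
    len = trim_tail(buf, len);
    size_t off = arg_offset(buf, len);
    int looks_empty = (off == len) || (buf[off] == '\0');
    return looks_empty && off + sizeof PLACEHOLDER > CMD_BUF_SIZE;
}

/* Hardened handling: 0 on success (buf is NUL-terminated), -1 if rejected. */
int set_helo_argument(char buf[CMD_BUF_SIZE], size_t len) {
    if (len < 4 || len >= CMD_BUF_SIZE)
        return -1;                          /* too short, or no room for NUL */
    if (memchr(buf, '\0', len) != NULL)
        return -1;                          /* embedded NUL: reject outright */
    len = trim_tail(buf, len);
    size_t off = arg_offset(buf, len);
    if (off < len) {                        /* a real argument is present */
        buf[len] = '\0';
        return 0;
    }
    if (4 + 1 + sizeof PLACEHOLDER > CMD_BUF_SIZE)
        return -1;                          /* placeholder must fit */
    buf[4] = ' ';                           /* write right after the verb */
    memcpy(buf + 5, PLACEHOLDER, sizeof PLACEHOLDER);
    return 0;
}
```

In the model, the NUL byte stops the trailing trim, so the run of spaces survives and the "empty" argument position ends up near the end of the buffer. The hardened path rejects embedded NULs and always writes the placeholder at a fixed, bounds-checked offset.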

-
Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

-
Solution

This issue has been addressed in the latest version of Exim. Patches have also been released to address this issue in Exim 3.36 and 4.20. The vendor has reported that these patches will likely work on earlier versions as well; however, this has not yet been confirmed. Users are advised to upgrade as soon as possible.

Debian has released an updated advisory (DSA 376-2) that addresses this issue. Previous packages released by Debian to address this issue were installed with incorrect permissions on documentation. Users who are affected by this issue are advised to upgrade as soon as possible. Please see the referenced advisory for details on applying fixes.

Conectiva has released an advisory (CLA-2003:735) that addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo has released advisory 200309-09 to address this issue. Affected users are advised to take the following action on affected systems: